All posts for the month February, 2013

Certain memory conditions have to be met before malware can unpack code and run it — the memory has to be writeable to unpack code to it, and executable to be able to execute it. The question is, can we use Win32 API calls to detect malware creating these conditions, and subsequently not only detect and identify unpacked code, but also find the original entry point? Continue Reading

This post explains some measures that you can take to prevent the MySQL cna12.dll attacks from infecting your MySQL server. It follows on from a previous post which explains the attacks. If you find that a cna12.dll file or a piress user account keep reappearing on your MySQL server, then read on. Continue Reading